DETAILED ACTION

1. This action is in response to the communication filed on August 28, 2003.
Claims 1-38 were originally received for consideration. No preliminary amendments for 
the claims were received. 

2. Claims 1-38 are currently pending consideration. 



Information Disclosure Statement 



3. Initialed and dated copies of the Applicant's IDS form 1449, received on 8/28/03, 
1/6/05, 9/25/06, and 11/6/07, are attached to this Office action.



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-3, 5, 7-10, 12-14, 16, 18-20, 22-25, 27, 29-31, 33-35, and 38 are
rejected under 35 U.S.C. 102(e) as being anticipated by Lortz (U.S. Patent 7,107,610).

Regarding claim 1, Lortz discloses:

A method of use by a server coupled to one or more client devices in a 
distributed computing environment, the method comprising: 

hosting a set of resources (column 2, lines 35-41: "resource manager");

receiving a request for a user to perform an operation on a resource of the
resources, the request being via an application hosted by the server (column 1, line 65 -
column 2, line 9), wherein a client generates a resource request over the network to
access the resources; and

determining whether to authorize the operation as a function of whether the user 
has been delegated authority to perform the operation with respect to the resource, the 
authority being independent of whether the user is a member of an administrators group 
associated with any resource of the server (column 2, lines 10-14), wherein a client can 
delegate its authorization credentials to a second client which can then use those 
credentials to access the server. 

Claim 2 is rejected as applied above in rejecting claim 1. Furthermore, Lortz
discloses:

A method as recited in claim 1, wherein determining whether to authorize the
operation is performed by a secure delegation administration framework (column 2,
lines 10-14), wherein a client can delegate its authorization credentials.

Claim 3 is rejected as applied above in rejecting claim 1. Furthermore, Lortz
discloses: 

A method as used in claim 1, wherein the operation is associated with
modification of content and/or functionality of the resource (column 1, lines 45-52), 
wherein the client is associated with a resource operation. 

Claim 5 is rejected as applied above in rejecting claim 1. Furthermore, Lortz
discloses:

A method as recited in claim 1, wherein the request comprises a scope
associated with the user, and a name of a method associated with the operation
(column 1, line 65 - column 2, line 9), wherein the resource request includes the
authorization credentials for the client.

Claim 7 is rejected as applied above in rejecting claim 1. Furthermore, Lortz
discloses:

A method as recited in claim 1, wherein the request further comprises an
indication of whether the user desires to execute the operation via a dynamically built
command line or via an executable object already associated with the operation (column
1, lines 45-52), wherein a client is associated with a resource operation.

Claim 8 is rejected as applied above in rejecting claim 1. Furthermore, Lortz
discloses:

A method as recited in claim 1, wherein the request further comprises an
indication of whether the user desires to log a result of the operation (column 1, lines
45-52), wherein a client is associated with a resource operation, which can include
accessing a file.

Claim 9 is rejected as applied above in rejecting claim 1. Furthermore, Lortz
discloses: 

A method as recited in claim 1, wherein the secure delegation administration 
framework is secure at least because it does not allow the user access to mapping of 
user role-based permission to perform the operation directed to the resource (column 2, 
lines 35-43, column 3, lines 19-23), wherein the user has no control over the mapping 
but the resource manager does the mapping of the resource requests. 

Claim 10 is rejected as applied above in rejecting claim 1. Furthermore, Lortz
discloses:

A method as recited in claim 1, wherein the method further comprises:

installing the application on the server (column 2, lines 35-37), wherein a
resource manager is a program module installed on the server;

responsive to the installing, the application identifying a set of operations that the
application can perform (column 2, lines 15-19, 51-56), wherein the resources that a
server manages is determined;

mapping, by a member of the administrators group, the operations to a set of
security permissions based on authorization specific role(s) of a set of users comprising
the user (column 1, lines 39-44), wherein each client is associated (mapped) to
authorization credentials which represent the privilege level that the client is assigned;
and

wherein determining further comprises the application utilizing the mapping to 
identify whether the user has permission to perform the operation (column 2, lines 35- 
50), wherein the authorization credentials accompanying the resource request are 
mapped to a certain access level, so that the server can check if the client is authorized 
to access the requested resource. 

Claim 12 is rejected as applied above in rejecting claim 1. Furthermore, Lortz
discloses:

A method as recited in claim 1, wherein responsive to determining that the user
has been delegated authority to perform the operation with respect to the resource, the
method further comprises:

setting parameters associated with the operation (column 1, lines 45-50); and
executing the operation within a scope associated with the user (column 1, lines
39-44), wherein each client is associated (mapped) to authorization credentials which
represent the privilege level that the client is assigned in regards to the resource.

Regarding claim 13, Lortz discloses:

A computer-readable medium for use in a distributed computing environment
including a server and one or more client computing devices coupled to the server, the 
computer-readable medium comprising computer-executable instructions for: 

hosting a set of resources (column 2, lines 35-41: "resource manager"), a
particular resource of the resources allowing a user to determine whether the user has
delegated authority to access a resource of the resources (column 1, line 65 - column
2, line 9), wherein the resource request includes the authorization credentials for the 
client; 

receiving a request from the user to perform an operation on the resource 
(column 1, line 65 - column 2, line 9), wherein a client generates a resource request 
over the network to access the resources; and 

determining whether to authorize the operation as a function of whether the user 
has been delegated a role-based scope of authority to perform the operation, the role- 
based scope of authority not requiring the user to be a member of an administrators 
group associated with any resources of the server (column 2, lines 10-14), wherein a 
client can delegate its authorization credentials to a second client which can then use 
those credentials to access the server. 

Claim 14 is rejected as applied above in rejecting claim 13. Furthermore, Lortz 
discloses: 

A computer-readable medium as recited in claim 13, wherein the operation is 
associated with modification of content and/or functionality of the resource (column 1,
lines 45-52), wherein the client is associated with a resource operation.

Claim 16 is rejected as applied above in rejecting claim 13. Furthermore, Lortz 
discloses: 

A computer-readable medium as recited in claim 13, wherein the request 
comprises a scope associated with the user, and a name of a method associated with 
the operation (column 1, line 65 - column 2, line 9), wherein the resource request
includes the authorization credentials for the client. 

Claim 18 is rejected as applied above in rejecting claim 13. Furthermore, Lortz 
discloses: 

A computer-readable medium as recited in claim 13, wherein the request further 
comprises an indication of whether the operation is to be executed via a dynamically 
built command line or via an executable object already associated with the operation 
(column 1, lines 45-52), wherein a client is associated with a resource operation.

Claim 19 is rejected as applied above in rejecting claim 13. Furthermore, Lortz 
discloses: 

A computer-readable medium as recited in claim 13, wherein operations 
associated with determining whether to authorize the operations are secure at least 
because the user does not have access to user role-based permission(s) to perform the 
operation (column 2, lines 35-43, column 3, lines 19-23), wherein the user has no 
control over the mapping but the resource manager does the mapping of the resource
requests. 

Claim 20 is rejected as applied above in rejecting claim 13. Furthermore, Lortz 
discloses: 

A computer-readable medium as recited in claim 13, wherein the computer- 
executable instructions further comprise instructions for: 

identifying a set of operations associated with the resource (column 2, lines 15-
19, 51-56), wherein the resources that a server manages is determined;

mapping the operations to a set of security permissions, the security permissions
being based on authorization specific role(s) of a set of users comprising the user
(column 1, lines 39-44), wherein each client is associated (mapped) to authorization
credentials which represent the privilege level that the client is assigned; and

wherein the instructions for determining further comprise instructions for utilizing 
the mapping to identify whether the user has permission to perform the operation 
(column 2, lines 35-50), wherein the authorization credentials accompanying the 
resource request are mapped to a certain access level, so that the server can check if 
the client is authorized to access the requested resource. 

Claim 22 is rejected as applied above in rejecting claim 13. Furthermore, Lortz 
discloses:

A computer-readable medium as recited in claim 13, wherein the computer-
executable instructions, responsive to determining that the user has been delegated
authority to perform the operation with respect to the resource, further comprise 
instructions for: 

setting parameters associated with the operation (column 1, lines 45-50); and 
executing the operation within a scope associated with the user (column 1, lines
39-44), wherein each client is associated (mapped) to authorization credentials which 
represent the privilege level that the client is assigned in regards to the resource. 

Regarding claim 23, Lortz discloses: 

A server for use in a distributed computing environment including the server and 
one or more client computing devices coupled to the server, the server comprising: 

a processor (column 2, lines 35-41: "resource manager"); and

a memory coupled to the processor, the memory comprising computer-
executable instructions for:

hosting a set of resources (column 2, lines 35-41: "resource manager");

receiving a request from a user to perform an operation on a resource of the
resources (column 1, line 65 - column 2, line 9), wherein the resource request includes
the authorization credentials for the client; and 

determining whether to authorize the operation as a function of whether the user 
has been delegated a role-based scope of authority to perform the operation, the role- 
based scope of authority not requiring the user to be a member of an administrators 
group associated with resources of the server (column 2, lines 10-14), wherein a client
can delegate its authorization credentials to a second client which can then use those 
credentials to access the server. 

Claim 24 is rejected as applied above in rejecting claim 23. Furthermore, Lortz 
discloses: 

A server as recited in claim 23, wherein the request is generated by at least one 
resource of the resources (column 1, line 65 - column 2, line 9), wherein the resource 
request includes the authorization credentials for the client. 

Claim 25 is rejected as applied above in rejecting claim 23. Furthermore, Lortz 
discloses: 

A server as recited in claim 23, wherein the operation is associated with 
modification of content and/or functionality of the resource (column 1, lines 45-52), 
wherein the client is associated with a resource operation. 

Claim 27 is rejected as applied above in rejecting claim 23. Furthermore, Lortz 
discloses: 

A server as recited in claim 23, wherein the request comprises a scope 
associated with the user, a name of a method associated with the operation (column 1,
line 65 - column 2, line 9), wherein the resource request includes the authorization
credentials for the client.

Claim 29 is rejected as applied above in rejecting claim 23. Furthermore, Lortz
discloses: 

A server as recited in claim 23, wherein the request further comprises an 
indication of whether the operation is to be executed via a dynamically built command 
line or via an executable object already associated with the operation (column 1, lines
45-52), wherein a client is associated with a resource operation. 

Claim 30 is rejected as applied above in rejecting claim 23. Furthermore, Lortz 
discloses: 

A server as recited in claim 23, wherein the secure delegation administration 
framework is secure at least because it does not allow the user access to a mapping of 
user role-based permission to perform the operation directed to the resource (column 2, 
lines 35-43, column 3, lines 19-23), wherein the user has no control over the mapping 
but the resource manager does the mapping of the resource requests. 

Claim 31 is rejected as applied above in rejecting claim 23. Furthermore, Lortz 
discloses: 

A server as recited in claim 23, wherein the computer-executable instructions 
further comprise instructions for: 

identifying a set of operations associated with the resource (column 2, lines 15-
19, 51-56), wherein the resources that a server manages is determined;



Application/Control Number: 10/650,891 Page 13 

Art Unit: 2131 

mapping the operations to a set of security permissions based on authorization 
specific role(s) of a set of users comprising the user (column 1, lines 39-44), wherein
each client is associated (mapped) to authorization credentials which represent the
privilege level that the client is assigned; and

wherein the instructions for determining further comprise instructions for utilizing
the mapping to identify whether the user has permission to perform the operation
(column 2, lines 35-50), wherein the authorization credentials accompanying the
resource request are mapped to a certain access level, so that the server can check if 
the client is authorized to access the requested resource. 

Claim 33 is rejected as applied above in rejecting claim 23. Furthermore, Lortz 
discloses: 

A server as recited in claim 23, wherein the computer-executable instructions, 
responsive to determining that the user has been delegated authority to perform the 
operation with respect to the resource, further comprise instructions for: 

setting parameters associated with the operation (column 1, lines 45-50); and 
executing the operation within a scope associated with the user (column 1, lines
39-44), wherein each client is associated (mapped) to authorization credentials which 
represent the privilege level that the client is assigned in regards to the resource. 

Regarding claim 34, Lortz discloses: 
A server comprising:

means for hosting a set of resources (column 2, lines 35-41: "resource
manager");

means for receiving a request from the user to perform an operation on a
resource of the resources (column 1, line 65 - column 2, line 9), wherein a client
generates a resource request over the network to access the resources; and

means for determining whether to authorize the operation as a function of 
whether the user has been delegated a role-based scope of authority to perform the 
operation, the role-based scope of authority not requiring the user to be a member of an 
administrators group associated with the server (column 2, lines 10-14), wherein a client 
can delegate its authorization credentials to a second client which can then use those 
credentials to access the server. 

Claim 35 is rejected as applied above in rejecting claim 34. Furthermore, Lortz 
discloses: 

A server as recited in claim 34, wherein the operation is associated with 
modification of content and/or functionality of the resource (column 1, lines 45-52), 
wherein the client is associated with a resource operation. 

Claim 38 is rejected as applied above in rejecting claim 34. Furthermore, Lortz 
discloses:

A server as recited in claim 34, wherein responsive to determining that the user
has been delegated authority to perform the operation with respect to the resource, the
server further comprises:

means for setting parameters associated with the operation (column 1, lines 45-
50); and

means for executing the operation within a scope associated with the user
(column 1, lines 39-44), wherein each client is associated (mapped) to authorization
credentials which represent the privilege level that the client is assigned in regards to 
the resource. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 6, 11, 15, 17, 21, 26, 28, 32 and 36-37 are rejected under 35 U.S.C. 103(a) as
being unpatentable over Lortz (U.S. Patent 7,107,610) in view of Krishnan et al. (U.S. 
Patent 6,222,856). 

Claims 4, 15, 26, and 36 are rejected as applied above in rejecting the claims 
above. Lortz does not explicitly teach that the resource is an Internet Information 
Service (IIS) metabase node. Krishnan discloses an IIS system which uses a metabase
to obtain information about any virtual service (Krishnan: column 6, lines 37-46). Lortz
and Krishnan are analogous arts because both have to do with controlling resources via 
a server. It would have been obvious to use the IIS metabase of Krishnan in the 
resource authorization framework of Lortz so the authorization framework of Lortz can 
use the metabase of Krishnan to look up names of virtual services, and their bandwidth 
thresholds, so that it can more efficiently authorize requests and reduce network 
congestion (Krishnan: column 6, lines 35-47). 

Claims 6, 17, 28, and 37 are rejected as applied above in rejecting the claims 
above. Lortz teaches a server and that a client cannot perform administrative activities 
associated with the server without sending a request to the server for permission 
evaluation (Lortz: column 1, line 65 - column 2, line 9). Lortz does not explicitly teach
that the resources that are to be accessed are Web sites hosted by an ISP. Krishnan 
discloses that a network server is an ISP that provides services to a client over the 
Internet (Krishnan: column 4, lines 23-37). It would have been obvious for the network 
server of Lortz to be an ISP hosting Web sites, as the system of Lortz is over the 
Internet, and ISPs are ubiquitous throughout the Internet. 

Claims 11, 21, and 32 are rejected as applied in rejecting the claims above.
Furthermore, Lortz discloses:

specifying, by a member of an administrators group, role-based user access
permissions to nodes (column 2, lines 35-50), wherein the authorization credentials
accompanying the resource request are mapped to a certain access level, so that the
server can check if the client is authorized to access the requested resource;

indicating an interface to a task, the interface comprising a set of parameters and
a name (column 1, line 65 - column 2, line 9), wherein the resource request includes
the authorization credentials for the client, the task comprising the operation; and
wherein determining further comprises:

locating the interface in a configuration file (column 2, lines 45-50),
wherein the service searches the resource structure to find the client's information
(configuration file) to check if the client's request should be granted;

responsive to locating the interface, presenting an identity of the user to
the resource to evaluate a scope in view of the parameters and the name of the
resource (column 1, line 65 - column 2, line 9), wherein the resource request includes
the authorization credentials for the client; and

responsive to the presenting, identifying whether the user has been 
delegated a role-based access permission to perform the operation with respect to the 
resource server (column 2, lines 10-14), wherein a client can delegate its authorization 
credentials to a second client which can then use those credentials to access the 
server. 

Lortz does not explicitly teach that the resource is an Internet Information Service 
(IIS) metabase node. Krishnan discloses an IIS system which uses a metabase to obtain
information about any virtual service (Krishnan: column 6, lines 37-46). Lortz and
Krishnan are analogous arts because both have to do with controlling resources via a
server. It would have been obvious to use the IIS metabase of Krishnan in the resource 
authorization framework of Lortz so the authorization framework of Lortz can use the 
metabase of Krishnan to look up names of virtual services, and their bandwidth 
thresholds, so that it can more efficiently authorize requests and reduce network 
congestion (Krishnan: column 6, lines 35-47). 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KAVEH ABRISHAMKAR whose telephone number is 
(571)272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Kaveh Abrishamkar/ 
Examiner, Art Unit 2131

/K. A./

March 5, 2008 
Examiner, Art Unit 2131 



